HHS finds vulnerabilities in cybersecurity testing

Since issuing cybersecurity vulnerability tests within HHS networks, the Office of Inspector General is instating ongoing cybersecurity audits, according to Fedscoop.

During fiscal year 2016-17, the OIG hired Defense Point Security, an Accenture Federal unit, to conduct cybersecurity tests. While the methods are unknown, the company conducted penetration testing in eight of HHS's 11 operating divisions.

Since the testing, HHS is implementing recommendations and suggestions from the report to remove the cybersecurity vulnerabilities. Each department has received specific instructions on the issues it needs to fix.

"We have initiated a new series of audits looking for indicators of compromise on HHS and OPDIV systems to determine whether an active threat exists on HHS networks or whether there has been a past breach by threat actors," the summary says.

The most recent testing doubled the number of departments tested from previous cybersecurity tests.